Network Address Translation

You cannot use private address spaces on a network and have those devices communicate with Internet devices without doing some type of translation to convert addresses of one type to addresses of another type.

Think about a large company with a large building and many offices. Mail comes to the mailroom and someone in that mailroom has the job of translating addresses from John Smith, Big Company, 123 Some Street, Thistown, Thatstate to Office 212. To translate the address, the mail clerk looks up John Smith’s office address in a table. People outside the company do not need to worry about the fact that John’s office is 212.

Network Address Translation (NAT), as defined in RFC1631, works on a similar principle. All your devices have internal addresses that are used, and you have a pool of external of public addresses that you can use. When an internal device talks to an external device, then a mapping is placed in a table between those two addresses.

This mapping can be done manually or automatically. Devices outside of the network will see only the external address, and when they send data back, it is matched on the mapping table and redirected to the correct internal address. The actual device inside the network using that outside address can change over time.

For example, you may see 192.168.8.50 using the public address of 192.0.2.100, but tomorrow you may have 192.168.8.58 using the address of 192.0.2.100 and 192.168.8.50 using the address of 192.0.2.101. This would be the same as moving John Smith to office 503 and placing another person in office 212; the mailroom will still deliver the mail to the correct person.